Re: WLC2504 - how to configure clients to access wireless (802.1
If the 802.1x authentication is failing it could be because one of these three reasons:
- Because the communication between the RADIUS server and the WLC is failing. In this case you have to verify if the shared secret is matching on both sides, if you are using the correct ports and make sure that those ports are opened between the devices, and of course that there is IP connectivity.
- Because the RADIUS server is not configured properly for the EAP method that you are using
- Because the client is not properly configured
for these two reasons you may want to take a look at the WLC's logs for authentication failures and it's reason but more importantly you need to check if you are getting authentication failures or attempts on your RADIUS server because if you are not then it means that the authentication is not even reaching the server. If you are getting authentication failures on your server, then you don't have to worry about the configuration of the WLC and you have to focus on the configuration of your server and client. This configuration depends on the EAP method that you are trying to do (PEAP, LEAP, EAP-TLS or EAP FAST).
WLC2504 - how to configure clients to access wireless (802.1x)
The CA root certificate that you need to check is the root certificate for the CA from which the radius server has a certificate.
Also, you can disable "validate server certificate" and it should work.
By default, the PEAP-MSCHAPv2 uses logged in username/password to connect to wireless. If the users use different credetnails to connect to the wireless then you want to disable the option of using windows log-in credentials.
Moreover, the best thing to check is the radius server logs. they should tell you why the authentication failed.
Rating useful replies is more useful than saying "Thank you"
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...